Security research company Zimperium zLabs has discovered what it believes to be the “worst Android vulnerability in the mobile operating system’s history.” About 95 per cent of Android smartphones and tablets worldwide are susceptible to the attack.

The bug, nicknamed Stagefright, allows scammers to hack into smartphones and tablets running Android version 2.2 or later. It works by stealing and monitoring users’ personal information through their applications. All scammers need to gain access is the user’s phone number.

What makes this scam particularly frightening is that unlike spear-phishing attacks, Stagefright doesn’t rely on users to take any action before it attacks. Spear-phishing attacks are relatively easier to guard against, since they usually require users to click on a link or open an email attachment. Stagefright can gain access to the user’s phone without users even realising.  

Once the device’s security has been breached, hackers can spy on the user by invading their applications, including the audio and camera. This means scammers can listen in on the user’s conversation and take note of the device’s surroundings.

Google is working hard to resolve the issue, but there is currently no way to prevent an attack.